Report: Chinese TV doc reveals cyber-mischief

22 Aug 2011

The cyber-plot thickens: As you've read here on Buzz, China has jumped on the cyber-victimhood bandwagon. Beijing announced earlier this month that its networks get attacked all the time, too, apparently as part of a new campaign to fight the U.S. narrative that America is helpless against mean ol' China's relentless network intrusions, which have been robbing American governments and companies blind. To that end, China released an official TV documentary depicting the U.S. as an "implacable aggressor" in cyberspace, but in doing so, it also tipped its hand, according to a report in the newspaper Epoch Times.

As Matthew Robertson and Helena Zhu write, the documentary briefly shows Chinese cyber-operatives' computer screen, evidently as an illustration of their competence in defending against attacks. During those few seconds, Robertson and Zhu write, the program actually shows the commission of a cyber attack:

The screenshots appear as B-roll footage in the documentary for six seconds—between 11:04 and 11:10 minutes—showing custom-built Chinese software apparently launching a cyber-attack against the main website of the Falun Gong spiritual practice, by using a compromised IP address belonging to a United States university.

The screenshots show the name of the software and the Chinese university that built it, the Electrical Engineering University of China's People's Liberation Army—direct evidence that the PLA is involved in coding cyber-attack software directed against a Chinese dissident group.

The software window says "Choose Attack Target." The computer operator selects an IP address from a list—it happens to be 138.26.72.17—and then selects a target. Encoded in the software are the words "Falun Gong website list," showing that attacking Falun Gong websites was built into the software.

A drop-down list of dozens of Falun Gong websites appears. The computer operator chooses Minghui.org, the main website of the Falun Gong spiritual practice. The IP address 138.26.72.17 belongs to the University of Alabama in Birmingham (UAB), according to an online trace.

The shots then show a big "Attack" button on the bottom left being pushed, before the camera cuts away.

The Epoch Times is often critical of the Chinese government and connected with the Falun Gong movement.

Robertson and Zhu write that it's among the first public pieces of evidence that the Chinese government is a top cyber-aggressor, although defense and cyber-security officials have been saying for years that China is behind many of the attacks on American networks. But it's fascinating that the very piece of propaganda designed to shift blame elsewhere may have been what confirmed the world's suspicions.